author | Damien Miller <djm@mindrot.org> | 2011-05-15 08:51:05 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2011-05-15 08:51:05 +1000 |
commit | 7c1b2c4ea8a5d06908dda3f8e406b902b81fe905 (patch) | |
tree | d4feec6013425aa759cb0e0d4863de23c8cc2997 | |
parent | 3219824f2d8b0ea1711818745b046931ffcd3918 (diff) |
- djm@cvs.openbsd.org 2011/05/11 04:47:06
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
remove support for authorized_keys2; it is a relic from the early days
of protocol v.2 support and has been undocumented for many years;
ok markus@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth.c | 8 | ||||
-rw-r--r-- | auth.h | 3 | ||||
-rw-r--r-- | auth2-pubkey.c | 8 | ||||
-rw-r--r-- | pathnames.h | 5 | ||||
-rw-r--r-- | servconf.c | 15 | ||||
-rw-r--r-- | servconf.h | 3 |
7 files changed, 11 insertions, 36 deletions
@@ -66,6 +66,11 @@ | |||
66 | [authfile.c] | 66 | [authfile.c] |
67 | despam debug() logs by detecting that we are trying to load a private key | 67 | despam debug() logs by detecting that we are trying to load a private key |
68 | in key_try_load_public() and returning early; ok markus@ | 68 | in key_try_load_public() and returning early; ok markus@ |
69 | - djm@cvs.openbsd.org 2011/05/11 04:47:06 | ||
70 | [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] | ||
71 | remove support for authorized_keys2; it is a relic from the early days | ||
72 | of protocol v.2 support and has been undocumented for many years; | ||
73 | ok markus@ | ||
69 | 74 | ||
70 | 20110510 | 75 | 20110510 |
71 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix | 76 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.92 2011/05/11 04:47:06 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -361,12 +361,6 @@ authorized_keys_file(struct passwd *pw) | |||
361 | } | 361 | } |
362 | 362 | ||
363 | char * | 363 | char * |
364 | authorized_keys_file2(struct passwd *pw) | ||
365 | { | ||
366 | return expand_authorized_keys(options.authorized_keys_file2, pw); | ||
367 | } | ||
368 | |||
369 | char * | ||
370 | authorized_principals_file(struct passwd *pw) | 364 | authorized_principals_file(struct passwd *pw) |
371 | { | 365 | { |
372 | if (options.authorized_principals_file == NULL) | 366 | if (options.authorized_principals_file == NULL) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.67 2011/03/10 11:34:25 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.68 2011/05/11 04:47:06 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -169,7 +169,6 @@ int verify_response(Authctxt *, const char *); | |||
169 | void abandon_challenge_response(Authctxt *); | 169 | void abandon_challenge_response(Authctxt *); |
170 | 170 | ||
171 | char *authorized_keys_file(struct passwd *); | 171 | char *authorized_keys_file(struct passwd *); |
172 | char *authorized_keys_file2(struct passwd *); | ||
173 | char *authorized_principals_file(struct passwd *); | 172 | char *authorized_principals_file(struct passwd *); |
174 | 173 | ||
175 | FILE *auth_openkeyfile(const char *, struct passwd *, int); | 174 | FILE *auth_openkeyfile(const char *, struct passwd *, int); |
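--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.28 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -451,13 +451,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 file = authorized_keys_file(pw);
 success = user_key_allowed2(pw, key, file);
 xfree(file);
-if (success)
-return success;
 
-/* try suffix "2" for backward compat, too */
-file = authorized_keys_file2(pw);
-success = user_key_allowed2(pw, key, file);
-xfree(file);
 return success;
 }
 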
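--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.21 2011/05/11 04:47:06 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -96,9 +96,6 @@
 */
 #define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
 
-/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
-
 /*
 * Per-user and system-wide ssh "rc" files. These files are executed with
 * /bin/sh before starting the shell or command if they exist. They will be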
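--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.214 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: servconf.c,v 1.215 2011/05/11 04:47:06 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -127,7 +127,6 @@ initialize_server_options(ServerOptions *options)
 options->client_alive_interval = -1;
 options->client_alive_count_max = -1;
 options->authorized_keys_file = NULL;
-options->authorized_keys_file2 = NULL;
 options->num_accept_env = 0;
 options->permit_tun = -1;
 options->num_permitted_opens = -1;
@@ -264,13 +263,6 @@ fill_default_server_options(ServerOptions *options)
 options->client_alive_interval = 0;
 if (options->client_alive_count_max == -1)
 options->client_alive_count_max = 3;
-if (options->authorized_keys_file2 == NULL) {
-/* authorized_keys_file2 falls back to authorized_keys_file */
-if (options->authorized_keys_file != NULL)
-options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
-else
-options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
-}
 if (options->authorized_keys_file == NULL)
 options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
 if (options->permit_tun == -1)
@@ -1252,9 +1244,6 @@ process_server_config_line(ServerOptions *options, char *line,
 case sAuthorizedKeysFile:
 charptr = &options->authorized_keys_file;
 goto parse_tilde_filename;
-case sAuthorizedKeysFile2:
-charptr = &options->authorized_keys_file2;
-goto parse_tilde_filename;
 case sAuthorizedPrincipalsFile:
 charptr = &options->authorized_principals_file;
 parse_tilde_filename:
@@ -1519,7 +1508,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 M_CP_STROPT(trusted_user_ca_keys);
 M_CP_STROPT(revoked_keys_file);
 M_CP_STROPT(authorized_keys_file);
-M_CP_STROPT(authorized_keys_file2);
 M_CP_STROPT(authorized_principals_file);
 }
 
@@ -1737,7 +1725,6 @@ dump_config(ServerOptions *o)
 dump_cfg_string(sMacs, o->macs);
 dump_cfg_string(sBanner, o->banner);
 dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
-dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
 dump_cfg_string(sForceCommand, o->adm_forced_command);
 dump_cfg_string(sChrootDirectory, o->chroot_directory);
 dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);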
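Review bot: The `case sAuthorizedKeysFile2:` arm is removed from process_server_config_line(), but no hunk in this section touches the keyword table or the opcode enum; the 15 changed lines the diffstat reports for servconf.c are all accounted for by the hunks shown. If the table still maps `authorizedkeysfile2` to `sAuthorizedKeysFile2` (not visible here), an sshd_config that sets that keyword would presumably fall through to the switch's default branch, which lies outside the hunk, instead of being reported as a removed option. Mapping the keyword to the existing deprecated opcode, e.g. `{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },`, and dropping the now-unused enum value would let existing configurations fail soft with a clear message. Because keys in the second file stop being consulted after the upgrade, that diagnostic is also the administrator's cue to audit leftover `authorized_keys2` files and merge or remove them.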
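--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,6 @@ typedef struct {
 */
 
 char *authorized_keys_file; /* File containing public keys */
-char *authorized_keys_file2;
 
 char *adm_forced_command;
 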